Changes - j0ke.net Open Build Service

Changes of Revision 30

[-] [+]	Changed	tengine.spec
@@ -8,7 +8,7 @@ %define nginx_webroot %{nginx_datadir}/html Name: tengine -version: 1.4.5 +version: 1.4.6 Release: 1 Summary: Robust, small and high performance http and reverse proxy server forked from nginx Group: System Environment/Daemons @@ -202,6 +202,8 @@ %changelog -* Fri May 10 2013 Juergen Gotteswinter <jg@internetx.de> - 1.4.1-1 -- initial tengine build 1.4.1 +* Fri May 27 2013 Juergen Gotteswinter <jg@internetx.de> - 1.4.6-1 +- initial tengine build 1.4.6 +* Fri May 24 2013 Juergen Gotteswinter <jg@internetx.de> - 1.4.5-1 +- initial tengine build 1.4.5
[-] [+]	Changed	tengine-1.4.6.tar.gz/CHANGES ^
@@ -1,4 +1,11 @@ +Changes with nginx 1.2.9 13 May 2013 + + ) Security: contents of worker process memory might be sent to a client + if HTTP backend returned specially crafted response (CVE-2013-2070); + the bug had appeared in 1.1.4. + + Changes with nginx 1.2.8 02 Apr 2013 ) Bugfix: new sessions were not always stored if the "ssl_session_cache
[-] [+]	Changed	tengine-1.4.6.tar.gz/CHANGES.cn ^
@@ -1,4 +1,7 @@ +Tengine-1.4.6 [2013-05-14] +* Bugifx：合并nginx-1.2.9的更新，修正CVE-2013-2070带来的安全问题。该安全问题在1.4.0以后开始出现 [yaoweibin] + Tengine-1.4.5 [2013-05-01] * Feature：增加一致性hash模块，可以为后端服务器提供一致性hash的负载均衡方法 [dinic] * Feature：通过keepalive_timeout指令可以设置后端keepalive连接的超时时间 [jinglong]
[-] [+]	Changed	tengine-1.4.6.tar.gz/CHANGES.ru ^
@@ -1,4 +1,11 @@ +Изменения в nginx 1.2.9 13.05.2013 + + ) Безопасность: содержимое памяти рабочего процесса могло быть + отправлено клиенту, если HTTP-бэкенд возвращал специально созданный + ответ (CVE-2013-2070); ошибка появилась в 1.1.4. + + Изменения в nginx 1.2.8 02.04.2013 ) Исправление: при использовании директивы "ssl_session_cache shared"
[-] [+]	Changed	tengine-1.4.6.tar.gz/CHANGES.te ^
@@ -1,4 +1,9 @@ +Changes with Tengine 1.4.6 14 May 2013 + + ) Bugfix: merged the changes of Nginx-1.2.9 and fixed the security problem + CVE-2013-2070. This bug had appeared in 1.4.0. (yaoweibin) + Changes with Tengine 1.4.5 1 May 2013 ) Feature: added the consistent_hash module which dispatches requests
[-] [+]	Changed	tengine-1.4.6.tar.gz/README ^
@@ -8,8 +8,9 @@ Features -------- -* All features of nginx-1.2.7 are inherited, i.e. it is 100% compatible with nginx. +* All features of nginx-1.2.9 are inherited, i.e. it is 100% compatible with nginx. * Dynamic module loading support. You don't need to recompile Tengine when adding new modules to it. +* More load balancing methods, e.g. consistent hashing, session persistence. * Input body filter support. It's quite handy to write Web Application Firewalls by using this mechanism. * Dynamic scripting language (Lua) support, which is very efficient and easy to extend core functionalities. * Logging enhancement. Syslog (local and remote), pipe logging and log sampling are supported.
[-] [+]	Changed	tengine-1.4.6.tar.gz/README.markdown ^
@@ -9,8 +9,9 @@ Features ======== -* All features of nginx-1.2.8 are inherited, i.e. it is 100% compatible with nginx. +* All features of nginx-1.2.9 are inherited, i.e. it is 100% compatible with nginx. * Dynamic module loading support. You don't need to recompile Tengine when adding new modules to it. +* More load balancing methods, e.g. consistent hashing, session persistence. * Input body filter support. It's quite handy to write Web Application Firewalls by using this mechanism. * Dynamic scripting language (Lua) support, which is very efficient and easy to extend core functionalities. * Logging enhancement. Syslog (local and remote), pipe logging and log sampling are supported.
[-] [+]	Changed	tengine-1.4.6.tar.gz/auto/make ^
@@ -525,7 +525,7 @@ -e "s/\//$ngx_regex_dirsep/g"` ngx_dso_link=${CORE_LINK:+`echo $CORE_LINK \ - \| sed -e "s/\//$ngx_regex_dirsep%%/g" -e "s/^/$ngx_long_regex_cont/"`} + \| sed -e "s/\//$ngx_regex_dirsep/g" -e "s/^/$ngx_long_regex_cont/"`} ngx_dso_feture_lib=`echo $DSO_LIBS \| awk 'BEGIN { FS="\|" } \ {for (i=1; i<=NF; i++) print $i}' \| awk -v module_name=$ngx_shared_modules \
[-] [+]	Changed	tengine-1.4.6.tar.gz/auto/options ^
@@ -106,10 +106,13 @@ ngx_http_mp4_module ngx_http_slice_module ngx_http_concat_module + ngx_http_tfs_module ngx_http_upstream_ip_hash_module ngx_http_upstream_least_conn_module - ngx_http_upstream_session_sticky_module ngx_http_upstream_keepalive_module + ngx_http_upstream_check_module + ngx_http_upstream_session_sticky_module + ngx_http_upstream_consistent_hash_module ngx_http_stub_status_module ngx_http_write_filter_module ngx_http_header_filter_module
[-] [+]	Added	tengine-1.4.6.tar.gz/docs/modules/ngx_http_upstream_consistent_hash_module_cn.md ^
@@ -0,0 +1,80 @@ +模块名 +==== + +* 一致性hash模块 + +描述 +=========== + +* 这个模块提供一致性hash作为负载均衡算法。 + +* 该模块通过使用客户端信息(如：$ip, $uri, $args等变量)作为参数，使用一致性hash算法将客户端映射到后端机器 + +* 如果后端机器宕机，这请求会被迁移到其他机器 + +* `server` id 字段，如果配置id字段，则使用id字段作为server标识，否则使用server ip和端口作为server标识， + + 使用id字段可以手动设置server的标识，比如一台机器的ip或者端口变化，id仍然可以表示这台机器。使用id字段 + + 可以减低增减服务器时hash的波动。 + +* `server` wegiht 字段，作为server权重，对应虚拟节点数目 + +* 具体算法，将每个server虚拟成n个节点，均匀分布到hash环上，每次请求，根据配置的参数计算出一个hash值，在hash环 + + 上查找离这个hash最近的虚拟节点，对应的server作为该次请求的后端机器。 + +* 该模块可以根据配置参数采取不同的方式将请求均匀映射到后端机器，比如： + + `consistent_hash $remote_addr`：可以根据客户端ip映射 + + `consistent_hash $request_uri`：根据客户端请求的uri映射 + + `consistent_hash $args`：根据客户端携带的参数进行映射 + + +例子 +=========== + + worker_processes 1; + + http { + upstream test { + consistent_hash $request_uri; + + server 127.0.0.1:9001 id=1001 weight=3; + server 127.0.0.1:9002 id=1002 weight=10; + server 127.0.0.1:9003 id=1003 weight=20; + } + } + + +指令 +========== + +consistent_hash +------------------------ + +Syntax: consistent_hash variable_name + +Default: none + +Context: upstream + +配置upstream采用一致性hash作为负载均衡算法，并使用配置的变量名作为hash输入。 + + +编译安装 +=========== + +* 在configure的时候打开一致性hash模块，关闭使用选项`--without-http_upstream_consistent_hash_module`。 + + $ ./configure + +* 编译 + + $ make + +* 安装模块 + + $ make install
[-] [+]	Changed	tengine-1.4.6.tar.gz/src/core/nginx.h ^
@@ -9,12 +9,12 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1002008 -#define NGINX_VERSION "1.2.8" +#define nginx_version 1002009 +#define NGINX_VERSION "1.2.9" #define NGINX_VER "nginx/" NGINX_VERSION -#define tengine_version 1004005 -#define TENGINE_VERSION "1.4.5" +#define tengine_version 1004006 +#define TENGINE_VERSION "1.4.6" #define TENGINE_VER "Tengine/" TENGINE_VERSION #define NGINX_VAR "NGINX"
[-] [+]	Changed	tengine-1.4.6.tar.gz/src/core/ngx_string.c ^
@@ -1622,7 +1622,7 @@ state = sw_usual; - d++ = ch; + d++ = '%'; d++ = ch; break; @@ -1685,6 +1685,7 @@ / the invalid quoted character / + d++ = '%'; d++ = (s - 2); d++ = (s - 1); break; } }
[-] [+]	Changed	tengine-1.4.6.tar.gz/src/http/modules/ngx_http_proxy_module.c ^
@@ -1865,6 +1865,10 @@ } + if (ctx->size < 0 \|\| ctx->length < 0) { + goto invalid; + } + return rc; done:
[-] [+]	Changed	tengine-1.4.6.tar.gz/src/http/modules/ngx_http_upstream_consistent_hash_module.c ^
@@ -220,9 +220,6 @@ id = sid * 256 * 16 + j; server->hash = ngx_murmur_hash2((u_char *) (&id), 4); - ngx_snprintf(hash_buf, 256, "%V#%i%Z", &peer->name, j); - hash_len = ngx_strlen(hash_buf); - server->hash = ngx_murmur_hash2(hash_buf, hash_len); } }
[-] [+]	Changed	tengine-1.4.6.tar.gz/src/http/modules/perl/nginx.pm ^
@@ -50,7 +50,7 @@ HTTP_INSUFFICIENT_STORAGE ); -our $VERSION = '1.2.8'; +our $VERSION = '1.2.9'; require XSLoader; XSLoader::load('nginx', $VERSION);
[-] [+]	Added	tengine-1.4.6.tar.gz/tests/nginx-tests/cases/string.t ^
@@ -0,0 +1,83 @@ +#!/usr/bin/perl + +# Tests for string.c. + +############################################################################### + +use warnings; +use strict; + +use Test::More; + +BEGIN { use FindBin; chdir($FindBin::Bin); } + +use lib 'lib'; +use Test::Nginx; + +############################################################################### + +select STDERR; $\| = 1; +select STDOUT; $\| = 1; + +my $t = Test::Nginx->new()->plan(4); + +$t->set_dso("ngx_http_fastcgi_module", "ngx_http_fastcgi_module.so"); +$t->set_dso("ngx_http_uwsgi_module", "ngx_http_uwsgi_module.so"); +$t->set_dso("ngx_http_scgi_module", "ngx_http_scgi_module.so"); +$t->set_dso("ngx_http_upstream_ip_hash_module", "ngx_http_upstream_ip_hash_module.so"); +$t->set_dso("ngx_http_upstream_least_conn_module", "ngx_http_upstream_least_conn_module.so"); + +$t->write_file_expand('nginx.conf', <<'EOF'); + +%%TEST_GLOBALS%% + +daemon off; + +%%TEST_GLOBALS_DSO%% + +events { +} + +http { + %%TEST_GLOBALS_HTTP%% + + server { + listen 127.0.0.1:8080; + server_name localhost; + + location /good { + #output: s%20elect + rewrite .* http://127.0.0.1/s%20elect; + } + + location /good1 { + #output: s&elect + rewrite .* http://127.0.0.1/s%26elect; + } + + location /invalid { + #output: s%elect + rewrite .* http://127.0.0.1/s%elect; + } + + location /invalid1 { + #output: se%lect + rewrite .* http://127.0.0.1/se%lect; + } + } +} + +EOF + +$t->write_file('index.html', 'hello, tengine!'); + +$t->run(); + +############################################################################### + +like(http_get('/good'), qr/s%20elect/, 'good'); +like(http_get('/good1'), qr/s&elect/, 'good1'); +like(http_get('/invalid'), qr/s%elect/, 'invalid'); +like(http_get('/invalid1'), qr/se%lect/, 'invalid1'); + +###############################################################################